authorDaiki Ueno <ueno@gnu.org>2021-09-21 08:07:25 +0200
committerDaiki Ueno <ueno@gnu.org>2022-05-04 10:11:34 +0200
commitf3547866a15e4386a92107fa95892e6a9f60916f (patch)
tree9e67aa0923b92c5e60ba77f26903c8454cbb999b /lib/includes
parentbc529aab95429c2a979cdbc7b17572304d3ba43c (diff)
downloadgnutls-f3547866a15e4386a92107fa95892e6a9f60916f.tar.gz
tls: add flag to disable session ticket in TLS 1.2
The existing GNUTLS_NO_TICKETS flag affects all versions of TLS, although PFS is assured in TLS 1.3 while it is not in TLS 1.2. This adds a new flag GNUTLS_NO_TICKETS_TLS12 to allow applications to disable session tickets only in TLS 1.2. As the only means of resumption in TLS 1.3 is using session tickets, we could repurpose the GNUTLS_NO_TICKETS flag to make it a no-op in TLS 1.3. However, that would break backward compatibility, so we defer it to the next major release. Signed-off-by: Daiki Ueno <ueno@gnu.org>
Diffstat (limited to 'lib/includes')
-rw-r--r--lib/includes/gnutls/gnutls.h.in4
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index f8c0faff96..f7fc5d114a 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -454,6 +454,7 @@ typedef enum {
* This is not enabled by default as early data has weaker security properties than other data. Since 3.6.5.
* @GNUTLS_FORCE_CLIENT_CERT: When in client side and only a single cert is specified, send that certificate irrespective of the issuers expected by the server. Since 3.5.0.
* @GNUTLS_NO_TICKETS: Flag to indicate that the session should not use resumption with session tickets.
+ * @GNUTLS_NO_TICKETS_TLS12: Flag to indicate that the session should not use resumption with session tickets. This flag only has effect if TLS 1.2 is used.
* @GNUTLS_KEY_SHARE_TOP3: Generate key shares for the top-3 different groups which are enabled.
* That is, as each group is associated with a key type (EC, finite field, x25519), generate
* three keys using %GNUTLS_PK_DH, %GNUTLS_PK_EC, %GNUTLS_PK_ECDH_X25519 if all of them are enabled.
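Review bot: The added @GNUTLS_NO_TICKETS_TLS12 entry omits the "Since X.Y.Z." marker that the neighbouring entries (@GNUTLS_ENABLE_EARLY_DATA "Since 3.6.5.", @GNUTLS_FORCE_CLIENT_CERT "Since 3.5.0.") carry, so API users cannot tell from the header which release introduced the flag. The entry would also read better if it stated how it relates to %GNUTLS_NO_TICKETS, which per the commit message affects all TLS versions, and why an application might prefer the narrower flag (the commit message's point that ticket-based resumption in TLS 1.2 does not provide forward secrecy, while in TLS 1.3 it does). Suggested text: `* @GNUTLS_NO_TICKETS_TLS12: Flag to indicate that the session should not use resumption with session tickets. This flag only has effect if TLS 1.2 is used; unlike %GNUTLS_NO_TICKETS it leaves TLS 1.3 ticket resumption enabled. Since <release-version>.` The gnutls_init_flags_t enum whose members this comment documents begins before the hunk, and its value list is changed in the second hunk of this file.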
@@ -517,7 +518,8 @@ typedef enum {
GNUTLS_AUTO_REAUTH = (1<<19),
GNUTLS_ENABLE_EARLY_DATA = (1<<20),
GNUTLS_NO_AUTO_SEND_TICKET = (1<<21),
- GNUTLS_NO_END_OF_EARLY_DATA = (1<<22)
+ GNUTLS_NO_END_OF_EARLY_DATA = (1<<22),
+ GNUTLS_NO_TICKETS_TLS12 = (1<<23)
} gnutls_init_flags_t;
/* compatibility defines (previous versions of gnutls